SLUG Mailing List Archives
[SLUG] non-root users can't use network
- To: slug@xxxxxxxxxxx
- Subject: [SLUG] non-root users can't use network
- From: Chris Barnes <chris.p.barnes@xxxxxxxxx>
- Date: Mon, 29 Aug 2011 13:06:34 +1000
I'm fairly new to the list.
I've got what I would consider an interesting issue with a little
netbook I've been playing around with.
Basically, regular users cannot make any outbound network connections.
cpbarnes@netbook:~$ ping 127.0.0.1
socket: Permission denied
cpbarnes@netbook:~$ wget http://127.0.0.1/
Connecting to 127.0.0.1:80... failed: Permission denied.
Doing the same as root works.
Interestingly, when I do:
I can see the loopback interface AND its IP address 127.0.0.1
However, as a regular user I get:
"warning: no inet socket available: no such file or directory"
I can see the loopback interface but there is no IP address.
Here's a little background.
The netbook features an ARM processor, 128meg RAM, and the main
storage is a USB thumb drive wired straight on to the mainboard.
It came pre-loaded with Windows CE 6. However, as stunning and feature
rich as it was, I got my hands on the vendor's Linux install for the
netbook and installed that.
The vendor's Linux install is Debian based. I've got 2 variants, Debian
5 and Debian 6. Both present the same problem. I've tried updating the
installed packages but the problem persists.
The Linux kernel supplied appears to be a customised 2.6 and pretty
much all the modules are compiled in.
I've done a stack of searching on the interwebs. A lot of people talk
about needing to setuid on the ping bin, but this is already done
root@netbook:~# ls -l /bin/ping
-rwsr-xr-x 1 root root 34984 oct 14 2010 /bin/ping
And besides, it's not just ping that isn't working.
I get this problem with the loopback interface, with the ethernet
interface, and with the wireless interface.
/sbin/route shows no entries, not even locally connected networks, but
even after adding one the problem persists.
route add -net 127.0.0.0/8 lo
Some people have also suggested iptables could be the problem, but as
far as I can tell no rules are installed. It doesn't even look like
iptables support is compiled into the kernel
root@netbook:~# /sbin/iptables -L
iptables v1.4.8: can't initialize iptables table `filter`: iptables
who? (do you need insmod?)
Perhaps iptables or your kernel needs to be upgraded.
I've never seen a problem like this. Does anyone have any ideas or
suggestions on what to look for or what to try next?
Thanks for your time.